CVE-2023-1698

Summary

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

Affected Software

VendorProductVersion RangeStatus
WAGOCompact Controller CC100FW20 <= FW22affected
WAGOCompact Controller CC100FW23affected
WAGOEdge ControllerFW22affected
WAGOPFC100FW20 <= FW22affected
WAGOPFC100FW23affected
WAGOPFC200FW20 <= FW22affected
WAGOPFC200FW23affected
WAGOTouch Panel 600 Advanced LineFW22affected
WAGOTouch Panel 600 Marine LineFW22affected
WAGOTouch Panel 600 Standard LineFW22affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References